Post-Quantum Algorithms in OpenSSL

Recently NIST published a number of post-quantum algorithm standards (ML-KEM, ML-DSA, and SLH-DSA). With these new NIST publications, OpenSSL is now prepared for implementation.

We’ve recently been receiving a lot of questions about these new standards so we wanted to make our position clear:

• We intend to implement support for these algorithms in our providers in a future version of OpenSSL
• We are currently putting together our project plans for this, stay tuned for more information regarding timeline
• We invite qualified and skilled individuals to help us implement these algorithms and integrate them into OpenSSL in accordance with our standards and policies.

From early 2022 a research project made available a test vehicle enabling TLS1.3 and X.509 support for many pre-standard and other experimental post-quantum algorithms via the OpenSSL provider interface, called oqs-provider. Its primary author and maintainer (Michael Baentsch) has now joined the OpenSSL team with the goal to support an efficient, secure, smooth and seamless integration of the now standardised post-quantum algorithms from NIST into the OpenSSL code base. Many lessons learnt from the process of building and integrating oqs-provider into downstream applications will be applied to this process.

If you have any questions or comments regarding Post-Quantum Algorithms in OpenSSL please contact us at feedback@openssl.org. We will attend the ICMC Conference 18th - 20th September 2024 and are happy to discuss this topic with you there.